JOB DESCRIPTION

Job Summary

IOM, UN Migration Agency in Valencia, Spain is looking for a Information and Communication Technology (ICT) Officer (Identity and Access Management) who will be responsible for the identity and access management function within ICT.

Key Responsibilities

IDENTITY AND ACCESS MANAGEMENT

• Design, configure, and maintain One Identity – Identity Manager (IDM) for user lifecycle management, provisioning, and role-based access control.
• Integrate identity data from the WAVE ERP system to drive Joiner/Mover/Leaver (JML) processes.
• Manage synchronization and identity federation between Microsoft Active Directory and Azure Active Directory (Entra ID).
• Define and implement access governance, including role modelling, segregation of duties (SoD), and access review campaigns.
• Develop automated workflows for account provisioning, deprovisioning, and entitlement management across all ICT platforms.
• Collaborate with HR, Information Security, and Compliance teams to enforce identity related policies.
• Enforce Just-In-Time (JIT) access for sensitive operations.
• Monitor and respond to identity-related incidents and service requests.
• Create and maintain IAM documentation including architecture diagrams, SOPs, and audit records.
• Supervise the IAM team and conduct effective performance management and promote a cooperative work environment.

MICROSOFT ACTIVE DIRECTORY AND ENTRA ID

• Ensure correct operation of hybrid identity sync from AD to Entra ID via Azure AD Connect and monitor sync health and conflict resolution.
• Define entitlement management with access packages for joiners/movers/leavers.
• Enforce naming conventions and OU placement standards.
• Manage service accounts with lifecycle governance (preferably with expiration controls).
• Manage access using Azure AD roles, administrative units, and custom roles.
• Assign privileged roles via Privileged Identity Management (PIM) with time-bound or approval-based access.
• Define Conditional Access Policies based on risk, device, location, and user sensitivity.
• Enforce MFA using built-in Entra policies.
• Enable the publishing and management of SaaS apps using SAML, OAuth, or OIDC for Single Sign-On (SSO).
• Configure provisioning connectors to automate account creation in cloud apps.
• Build processes to enforce user consent restrictions to limit data exposure to risky apps.
• Create and maintain procedures for maintenance of security groups and distribution lists.
• Implement and enforce role-based access control (RBAC) through group nesting and inheritance.
• Periodically review and clean up stale groups and memberships and establish access review campaigns for groups, apps, and privileged roles across regional offices.

ADDITIONAL RESPONSIBILITIES

• Provide input for the license entitlements and ensure correct integration with FinOps and licensing portals.
• Perform such other relevant duties as may be assigned.

Required Qualifications

Education

• Master’s degree in Cybersecurity, Computer Engineering, Computer Science, or a related field from an accredited academic institution with five years of relevant professional experience; or,
• University degree in the above fields with seven years of relevant professional experience.
• The following certifications are required.
• Microsoft Certified: Identity and Access Administrator Associate (SC-300).
• Microsoft Certified: Azure Administrator Associate (AZ-104).
• Must attain and maintain ITIL version 4 Foundation certification and CISSP.
• One Identity – Identity Manager Foundations (#IM-FND) certification is an advantage.
• Certified Information Systems Security Professional (CISSP) is an added advantage.

Accredited Universities are those listed in the UNESCO World Higher Education Database.

Experience

• A minimum of 5 years of experience in Identity & Access Management, IT Security, or related infrastructure engineering roles.
• Hands-on experience with One Identity – Identity Manager (strongly preferred).
• Solid proficiency in Microsoft Active Directory, Group Policy, and Azure Active Directory (Microsoft Entra ID).
• Experience in integrating IAM solutions with ERP systems for automated provisioning (e.g. SAP, Oracle).
• Understanding of authentication and authorization protocols (SAML, OAuth, OpenID Connect).
• Experience implementing RBAC, ABAC, and SoD controls.
• Strong scripting ability (PowerShell, SQL, or similar) for automating IAM workflows.

Skills

• Demonstrated ability to supervise and train teams to work effectively and harmoniously.
• Project management skills for efficient roll-out of ICT initiatives.
• Demonstrated understanding of automation of user lifecycle processes across HR, AD, and Entra ID.
• Demonstrated ability to communicate with business leaders and those with limited technical background effectively.
• Demonstrated ability to handle confidential data in a professional, responsible and mature manner.
• Familiarity with global IT security trends and the ability to adapt NIST standards to evolving security threats and technologies.
• Working knowledge of supporting One Identity Manager, Active Directory and Entra ID.

Languages

IOM”s official languages are English, French and Spanish.

For this position, fluency in English is required (oral and written). Working knowledge of an official UN Language (Arabic, Chinese, French, Russian, and Spanish) is an advantage.

Proficiency of language(s) required will be specifically evaluated during the selection process, which may include written and/or oral assessments.

Required Competencies

IOM”s competency framework can be found at this link. Competencies will be assessed during the selection process.

Values – all IOM staff members must abide by and demonstrate these five values:

• Inclusion and respect for diversity: Respects and promotes individual and cultural differences. Encourages diversity and inclusion.
• Integrity and transparency: Maintains high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.
• Professionalism: Demonstrates ability to work in a composed, competent and committed manner and exercises careful judgment in meeting day-to-day challenges.
• Courage: Demonstrates willingness to take a stand on issues of importance.
• Empathy: Shows compassion for others, makes people feel safe, respected and fairly treated.

Core Competencies – behavioural indicators

• Teamwork: Develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
• Delivering results: Produces and delivers quality results in a service-oriented and timely manner. Is action oriented and committed to achieving agreed outcomes.
• Managing and sharing knowledge: Continuously seeks to learn, share knowledge and innovate.
• Accountability: Takes ownership for achieving the Organization”s priorities and assumes responsibility for own actions and delegated work.
• Communication: Encourages and contributes to clear and open communication. Explains complex matters in an informative, inspiring and motivational way.

Managerial Competencies – behavioural indicators

• Leadership: Provides a clear sense of direction, leads by example and demonstrates the ability to carry out the Organization”s vision. Assists others to realize and develop their leadership and professional potential.
• Empowering others: Creates an enabling environment where staff can contribute their best and develop their potential.
• Building Trust: Promotes shared values and creates an atmosphere of trust and honesty.
• Strategic thinking and vision: Works strategically to realize the Organization”s goals and communicates a clear strategic direction.
• Humility: Leads with humility and shows openness to acknowledging own shortcomings.

Notes

Internationally recruited professional staff are required to be mobile.

Any offer made to the candidate in relation to this vacancy notice is subject to funding confirmation.

For this staff category, candidates who are nationals of the duty station”s country cannot be considered eligible.

Appointment will be subject to certification that the candidate is medically fit for appointment, accreditation, any residency or visa requirements, security clearances.

Vacancies close at 23:59 local time Geneva, Switzerland on the respective closing date. No late applications will be accepted.

IOM has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and IOM, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination based on gender, nationality, age, race, sexual orientation, religious or ethnic background or disabilities.

IOM does not charge a fee at any stage of its recruitment process (application, interview, processing, training or other fee). IOM does not request any information related to bank accounts.

IOM only accepts duly completed applications submitted through the IOM e-Recruitment system (for internal candidates link here). The online tool also allows candidates to track the status of their application.

Only shortlisted candidates will be contacted.

For further information and other job postings, you are welcome to visit our website: IOM Careers and Job Vacancies